Thursday, January 14, 2016

What is a Zip Bomb ?

A Zip Bomb or Zip of Death or Decompression Bomb is a malicious archive file that crashes the program or the system that tries to read it.

Normally, a Zip Bomb consists of a compressed file such that when a program tries to decompress it, it takes huge amount of time, disk space or memory and as a result, the program or the system crashes.

Where is Zip Bomb used ?

A Zip Bomb is normally used by an attacker to disable anti-virus software, so that the computer can be easily infected by malware.

It is usually a small compressed file which does not create much suspicion. But, when a program tries to decompress it, its contents become larger than the program or the system can handle. As a result, when an anti-virus program tries to scan it, it ends up crashing.

How is a Zip Bomb made ?

A Zip Bomb typically contains layers of nested zip files, such that when the compressed file is decompressed recursively, the size of the decompressed file ends up being in petabytes.

To give an example, is a popular Zip Bomb. It consists of 42 kilobytes of compressed data. This compressed file has five layers of nested zip files. And, each layer consists of 16 compressed files, where each compressed file consists of 4.3 gigabyte of data after decompressing. So, in total the Zip Bomb will consist of 4.5 petabytes of data when it is decompressed.

Is there any preventive measure for Zip Bomb ?

Most of the recent anti-virus programs are capable of preventing Zip Bombs. Normally, in anti-virus scanners only a few layers of recursion are performed on archives. And, Zip Bombs often repeatedly use identical files. So, Dynamic Programming methods are used to detect them and to limit their expansion.

This was an article to inform you on another threat. Hope you liked it.

1 comment: